Opinion: Can we properly protect the connected car?
We’re entering an incredibly exciting time for the automotive industry. The connected car in all its forms is now very much a reality. By 2020 it’s expected there will be nearly a quarter of a billion of them on the world’s roads and that means we’re poised for something of a revolution.
The rise of the connected car is bringing about some fascinating new opportunities for in-car entertainment and communications. Beyond that, it promises a whole new world where cars can talk to each other, as well as to other devices and the infrastructure around them. You can already control your household devices from the car or ask it to find the nearest available parking lot. And that’s just the start. The possibilities are huge.
But with those possibilities come new challenges. Fundamentally, all communication paths into the car have to be secured to prevent malicious intrusion. That includes the car’s own wireless links, plus connected devices such as mobile phones and tablets. They need to be robust against forced entry, as well as malicious software hitch-hiking on legitimate service updates.
Consumers are already well aware of these risks. A report from McKinsey found that around 43% of buyers in the US were concerned about people hacking into their car and manipulating it, while in other regions the figure was as high as 59%.
It’s not hard to imagine criminals attempting to apply so-called ‘ransomware’ to cars. This could mean drivers being prevented from starting their cars – or even being denied control of a moving vehicle – until a sum of money is paid. The most extreme scenario is perhaps a widespread terror attack. This would be the hardest to orchestrate, but with the prospect of cars becoming linked to infrastructure – for instance traffic light control – it’s no longer out of the question.
So how do we go about combating these threats? Our focus has always been around two key parts of the solution – detection and prevention, and OEMs are already looking to apply these solutions to existing and new vehicles. Take for example our TCUSHIELD which provides double-perimeter intrusion detection and prevention solution (ID/PS) for telematics units and infotainment systems. TCUSHIELD works on two layers, with the first layer of defence seeking to block intrusions from the car’s wireless interfaces, while the second layer is designed to prevent any intrusion spreading to the car’s internal network.
Another solution from HARMAN’S Cyber Security portfolio is ECUSHIELD, an embedded software component for the car’s ECUs, which can search for any unusual communication patterns on the car’s internal network. Rather than applying an ‘anti-virus’ modus operandi, where the system must be updated regularly when new threats emerge, ECUSHIELD would detect ANY sign of irregular activity that might suggest an attack. Crucially, it’s also able to combat such threats in real-time.
Adoption will only happen if the OEMs can apply the technology and fast whilst interest is high. Both these systems can be installed without any hardware modifications, even on vehicles currently on the road. TCUSHIELD operates on the vehicle’s existing telematics unit, while ECUSHIELD can operate from any module connected to the CAN network (typically a central gateway). They’re also platform-agnostic, so it doesn’t matter what operating system is used for the car’s own functions, but perhaps more importantly - it allows manufacturers to retrofit them to existing vehicles, rather than waiting years for a planned refresh.
The ability to respond to new threats is going to be an increasingly important one as the degree of connectivity in our cars (and our lives in general) becomes ever greater. HARMAN is proud to be playing a pioneering role in automotive cyber security and looks forward to seeing what the future has to offer. It’s going to be an exciting ride.